A now-closed Facebook exploit took advantage of cross site scripting to inject malicious code into Yelp. Yelp is one of the three sites that have been deemed fit for Facebook s highly controversial Instant Personalization feature. The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify. The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems. Read the full article on Facebook exploit.
Source: https://threatpost.com/facebook-yelp-instant-personalization-has-holes-051110/73950/